MasterCard and Visa are alerting law enforcement agencies and card issuers such as banks and retailers that a major third-party card processor’s system has been breached and cardholders’ account information may be at risk of being compromised.
The Wall Street Journal identified the credit and debit card processor as Global Payments Inc.
According to the blog KrebsonSecurity.com, which first reported the data thefts, the breach is “massive” and could expose the account information of 10 million MasterCard and Visa customers.
Neither company would say how many cardholders, financial institutions or retailers are potentially affected by the breach.
KrebsonSecurity.com said the breach occurred between Jan. 21 and Feb. 25 and that the customer information obtained could be used to create counterfeit new credit cards.
[A]ffected banks are now starting to analyze transaction data on the compromised cards, in hopes of finding a common point of purchase. Sources at two different major financial institutions said the transactions that most of the cards they analyzed seem to have in common are that they were used in parking garages in and around the New York City area.
Both MasterCard and Visa, which also process cards for banks, retailers and other card issuers, have said their systems have not been compromised.
“Visa Inc. is aware of a potential data compromise incident at a third party entity affecting card account information from all major card brands. There has been no breach of Visa systems, including its core processing network VisaNet,” Visa said in a statement.